We all have habits. Morning coffee (no sugar, just some milk), two eggs (sunny side up), reading mail wile you are not completely awaken, and a lot more. We all follow some kind of rules we have set for ourselves. We all have some favorites: names, cities and even numbers; maybe an important date or place. Can we exploit people’s habits to break their passwords effectively instead of using brute force? We can, and here’s the how-to.

Virtual machines use a portable, hardware-independent environment to perform essentially the same role as an actual computer. Activities performed under the virtual umbrella leave trails mostly in the VM image files and not on the host computer. The ability to analyze virtual machines becomes essential when performing digital investigations.

When connecting an iPhone to a computer for the first time, you’ll see the prompt asking you whether to trust the computer. Trusting a computer enables your phone and computer to exchange information. However, should the trusted computer fall into the wrong hands, the pairing record from that computer could be used to pull information from your iPhone. Learn about the risks associated with pairing records and how to block unwanted connections by untrusting connected computers from your iPhone.

The iOS backup system is truly unrivalled. The highly comprehensive, versatile and secure backups can be created with Apple iTunes. For the user, local backups are a convenient and easy way to transfer data to a new device or restore an existing one after a factory reset. For forensic experts, iOS backups are an equally convenient, versatile and easy way to obtain a copy of the user’s data without attempting to break into the device. In malicious hands, the backup becomes a dangerous weapon. Logins and passwords from the Keychain allow hackers accessing the user’s social accounts, messages, and financial information. A backup password can be set to protect local backups, but it can be removed just as easily shall the hacker have access to the physical iPhone and know its passcode. In this article, we’ll discuss how the Screen Time password can be used to further strengthen the protection of local backups.

iOS 14 is officially out. It’s a big release from the privacy protection standpoint, but little had changed for the forensic expert. In this article, we’ll review what has changed in iOS 14 in the ways relevant for the forensic crowd.

How many times have you seen the phrase: “Your password is securely encrypted”? More often than not, taking it at face value has little sense. Encryption means the data (such as the password) can be decrypted if you have the right key. Most passwords, however, cannot be decrypted since they weren’t encrypted in the first place. Instead, one might be able to recover them by running a lengthy attack. Let’s talk about the differences between encryption and hashing and discuss why some passwords are so much tougher to break.

Last year, we have developed an innovative way to extract iPhone data without a jailbreak. The method’s numerous advantages were outweighed with a major drawback: an Apple ID enrolled in the paid Apple’s Developer program was required to sign the extraction binary. This is no longer an issue on Mac computers with the improved sideloading technique.

We have discovered a way to unlock encrypted iPhones protected with an unknown screen lock passcode. Our method supports two legacy iPhone models, the iPhone 5 and 5c, and requires a Mac to run the attack. Our solution is decidedly software-only; it does not require soldering, disassembling, or buying extra hardware. All you need is iOS Forensic Toolkit (new version), a Mac computer, and a USB-A to Lightning cable. In this guide, we’ll demonstrate how to unlock and image the iPhone 5 and 5c devices.

LUKS encryption is widely used in various Linux distributions to protect disks and create encrypted containers. Being a platform-independent, open-source specification, LUKS can be viewed as an exemplary implementation of disk encryption. Offering the choice of multiple encryption algorithms, several modes of encryption and several hash functions to choose from, LUKS is one of the tougher disk encryption systems to break. Learn how to deal with LUKS encryption in Windows and how to break in with distributed password attacks.

Tor Browser is a well-known tool for browsing the Web while renaming anonymous, while Qihoo 360 Safe Browser is one of China’s most popular desktop Web browsers. According to some sources, it might be the second most-popular desktop Web browser in China. Like many other Chromium-based browsers, 360 Safe Browser offers the ability to save and securely store website passwords, but the implementation is unexpectedly different from most other browsers. An update to Elcomsoft Internet Password Breaker enables the extraction of Qihoo 360 Safe Browser and Tor Browser passwords. Does the “360 Safe” moniker stand the trial, and is Tor really anonymous? Read along to find out!